Closed IsaacMilarky closed 3 months ago
OSSF Scorecard currently gives us a 0 in the SAST category. https://github.com/DSACMS/metrics/security/code-scanning/31
Add GitHub CodeQL scanning to every commit to satisfy OSSF scorecard requirements.
Add codeql.yml to workflows.
codeql.yml
Add GitHub CodeQL
Problem
OSSF Scorecard currently gives us a 0 in the SAST category. https://github.com/DSACMS/metrics/security/code-scanning/31
Solution
Add GitHub CodeQL scanning to every commit to satisfy OSSF scorecard requirements.
Result
Add
codeql.ymlto workflows.